How it works

Technically speaking

Getting started with Prowl is pretty simple: once you receive your Prowl Box, plug it into your existing WLAN infrastructure, login with the custom key we give you, and then with some minor configurations on your dashboard, you will be up and running. The great thing about Prowl is that it's plug and play anywhere. The configuration as of now is limited to desktop but we will be rolling out a mobile app on all devices through 2019 that will allow you to access and control your various network environments no matter where you are.

There are many ways you can calibrate Prowl to your liking, but the Prowl Box comes loaded with a robust security and defense configuration for most environments. There are two types of ways we contain unwanted attacks on a router, or a WLAN network in other words. The people who we know are safe (e.g. returning customers) are put into something called "privileged containers". Privileged containers are defined as any container where the container UID 0 is mapped to the host's UID 0. In such containers, protection of the host and prevention of escape is entirely done through Mandatory Access Control (apparmor, selinux), seccomp filters, dropping of capabilities and namespaces. Those technologies combined will typically prevent any accidental damage of the host, where damage is defined as reconfiguration of the network host's hardware, the host's kernel or accessing the host's filesystem.

Potential DDoS attacks are something that's always a threat. There are several configurations in the dashboard you can set that will make it next to impossible for these things to happen. When running multiple untrusted containers, or when allowing untrusted users to run containers, one should keep a few things in mind and update their configuration accordingly; CGroup limits, user limits, and shared network bridges should all be considered.

On top of proprietary Prowl technology, we've tuned up a GitHub technology called Hoosegow to ensure that Prowl is providing the highest level of security. Hoosegow is designed to add a layer of security onto projects that need to run code that is not fully trusted or audited. Because the untrusted code is running inside a Docker container, an attacker who manages to exploit a vulnerability in the code must also break out of the Docker container before gaining any access to the host system. This means that Hoosegow is only as strong as Docker, which employs Kernel namespaces, capabilities, and CGroups to contain processes running inside a container. This is not true virtualization though, and a process running as root inside the container can compromise the host system and say, run a DoS attack. Any privilege escalation bugs in the host Kernel could also be used to become root and compromise the host machine. Further hardening of the base Ubuntu image, along with tools like AppArmor or SE-Linux can improve the security posture of an application relying on Hoosegow/Docker.

An example of this is someone running untrusted code on your network, possibly a script that will DDoS your router and put all your customers out of WiFi. This is just one of the many attack vectors Prowl has been designed to contain.

To give secure even further trust, we are using something called the Twelve Factor App, which is a premier security technology in the Docker- Container ecosystem to date. You can find it here at https://12factor.net/‍For more more an in-depth look on documentation please visit our official GitHub link and read hours of documentation! https://github.com/Prowl-Documentation‍‍‍